ldapauth README
---------------

This module came out of my specific needs in search of a possible solution
to use a member directory for authentication. I am still not sure if this is
the best approach to this problem, but it works! I have tested it under a
fair amount of load. So, if you happen to use it, please forward your setup,
thoughts, ideas and inputs to me.

email: zadk@mynet.com
jid: zad@jabber.org

Module Description
------------------

The module has a simple purpose: bypass the standard jabber server
authentication and perform authentication (NOT registration) against an LDAP
directory. As an example, I have a membership directory for my site which
has recorded a number of users, and I want my current users to use jabber
IM. However, I want the jabber-specific data (such as the roster) to still
remain on the xdb (spool). Only authentication is to be performed against
the LDAP directory.

Currently ldapauth supports 2 of the 3 jabber authentication types, namely
plain text and digest (which uses the Secure Hash Algorithm, SHA1).

I have used this module with jabber server 1.4.1 running on redhat 6.2/7.1,
and Microsoft Membership Directory (Siteserver 3.0) running on Windows 2000
servers since August 2001 under an average of 4k daily logins. It has been
set up and run under other configurations (Redhat 7.1 and openLDAP are the
first to come to my mind, but I'm sure there are others on the jadmin and
jdev lists who have tested other environments).

In order to handle ldapauth registration, as is, there has to be some sort
of script or process which creates a "minimum" user xml under the spool as
the user signs up for the service. This shouldn't be hard to implement.

ldapauth Setup
--------------

1 - Edit the server config file. Add the ldapauth modules (printed in red)
    and remove the mod_auth_plain, mod_auth_digest and mod_auth_0k modules.
    Mine looks something like this after editing:

      ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so
      ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so
      ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so
      ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so ./jsm/jsm.so

2 - Replace mod_register.c if you don't want the user password to be saved
    in 'user.xml'. This should work for ldapauth2 as well, although I
    haven't tested with it.

3 - Add the new ldapchk tag to jabber.xml. I put mine right after tag

      210.10.1.48
      1004
      cn=admin,ou=members,o=mysite1
      taz1
      ou=members, o=mysite1

4 - Edit the jabber-1.4.1/platform-settings file and add the LDAP lib to
    the 'LIBS' environment variable. Mine was nss_ldap-2.1.3 (note that this
    file will be overwritten every time you run configure). A typical LIBS
    looks like this:

      LIBS= -lpth -ldl -lresolv -lnss_ldap-2.1.3

5 - Edit jsm/Makefile and jsm/modules/Makefile. Add mod_auth_ldap_z.o and
    mod_auth_ldap_digest.o to jsm_EXOBJECTS. Example:

      jsm_EXOBJECTS = \
          modules/mod_admin.o \
          modules/mod_agents.o \
          modules/mod_browse.o \
          modules/mod_announce.o \
          modules/mod_auth_ldap_z.o \
          modules/mod_auth_ldap_digest.o \
          . . .

6 - Run 'make'.

Good luck,
Zad
JID: zad@jabber.org
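
Added example (not part of ldapauth and not the author's code): the two authentication types named under "Module Description", checked against a directory password value, showing that jabber digest auth (hex SHA1 of stream id + password) can only be recomputed when the server can read the cleartext password. The function names, the DIRECTORY table and its values are constructed for illustration, and the assumption that the directory holds either a cleartext or an {SHA} userPassword value is mine; how ldapauth itself reads the directory is not described in this README.

```python
import base64
import hashlib
import hmac


def jabber_digest(stream_id: str, password: str) -> str:
    """jabber:iq:auth digest: hex SHA-1 over stream id + password."""
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()


def _equal(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def check_plain(stored: str, supplied_password: str) -> bool:
    """Plain auth can be checked against a cleartext or an {SHA} value."""
    if stored.startswith("{SHA}"):
        raw = hashlib.sha1(supplied_password.encode("utf-8")).digest()
        return _equal(stored[5:], base64.b64encode(raw).decode("ascii"))
    if stored.startswith("{"):
        raise ValueError("password scheme not handled in this example")
    return _equal(stored, supplied_password)


def check_digest(stored: str, stream_id: str, supplied_digest: str) -> bool:
    """Digest auth must recompute SHA1(stream id + cleartext password)."""
    if stored.startswith("{"):
        # A hashed directory value cannot be turned back into the password,
        # so the expected digest cannot be computed.
        raise ValueError("digest auth needs a cleartext directory password")
    return _equal(jabber_digest(stream_id, stored), supplied_digest.lower())


# Constructed sample directory values (assumption: userPassword contents).
DIRECTORY = {
    "alice": "s3cret",  # stored in cleartext
    "bob": "{SHA}" + base64.b64encode(
        hashlib.sha1(b"hunter2").digest()).decode("ascii"),
}
```

Because the stream id is mixed into the hash, a digest captured on one stream does not verify on another, while plain text auth sends the password itself over the connection.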